{
  "document": {
    "aggregate_severity": {
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2026-1489: fix integer overflow in Unicode case conversion functions\n- CVE-2026-1484: fix integer overflow in GLib Base64 encoding\n- CVE-2025-14512: fix integer overflow in escape_byte_string() for byte\n  strings with many invalid characters\n- CVE-2026-1485: fix buffer underflow in content type treemagic parsing\n- CVE-2026-0988: fix integer overflow in g_buffered_input_stream_peek()\n- CVE-2025-7039: fix integer overflow in temporary file creation",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1776329620.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-04-16T08:54:59Z",
      "generator": {
        "date": "2026-04-16T08:54:59Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1776329620",
      "initial_release_date": "2026-04-16T08:54:59Z",
      "revision_history": [
        {
          "date": "2026-04-16T08:54:59Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "glib2: Fix of 6 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
                "product": {
                  "name": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
                  "product_id": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2-devel@2.68.4-6.el9.tuxcare.els6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
                "product": {
                  "name": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
                  "product_id": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2-static@2.68.4-6.el9.tuxcare.els6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
                "product": {
                  "name": "glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
                  "product_id": "glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2@2.68.4-6.el9.tuxcare.els6?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                "product": {
                  "name": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_id": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2-devel@2.68.4-6.el9.tuxcare.els6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                "product": {
                  "name": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_id": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2-static@2.68.4-6.el9.tuxcare.els6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                "product": {
                  "name": "glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_id": "glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2@2.68.4-6.el9.tuxcare.els6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                "product": {
                  "name": "glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_id": "glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2-tests@2.68.4-6.el9.tuxcare.els6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
                "product": {
                  "name": "glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
                  "product_id": "glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/glib2-doc@2.68.4-6.el9.tuxcare.els6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686"
        },
        "product_reference": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        },
        "product_reference": "glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        },
        "product_reference": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686"
        },
        "product_reference": "glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        },
        "product_reference": "glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-0:2.68.4-6.el9.tuxcare.els6.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686"
        },
        "product_reference": "glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch"
        },
        "product_reference": "glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        },
        "product_reference": "glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-0988",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-0988"
        }
      ],
      "release_date": "2026-01-15T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T08:53:43.607647Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620",
          "product_ids": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-1485",
      "cwe": {
        "id": "CWE-124",
        "name": "Buffer Underwrite ('Buffer Underflow')"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in GLib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-1485"
        }
      ],
      "release_date": "2026-01-27T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T08:53:43.607647Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620",
          "product_ids": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-1489",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-1489"
        }
      ],
      "release_date": "2026-01-27T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T08:53:43.607647Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620",
          "product_ids": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-14512",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-14512"
        }
      ],
      "release_date": "2025-12-11T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T08:53:43.607647Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620",
          "product_ids": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-7039",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-7039"
        }
      ],
      "release_date": "2025-07-02T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T08:53:43.607647Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620",
          "product_ids": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-1484",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that use GLib to Base64-encode untrusted or extremely large input may crash or behave unpredictably.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
          "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
          "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-1484"
        }
      ],
      "release_date": "2026-01-27T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T08:53:43.607647Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620",
          "product_ids": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776329620"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-devel-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-doc-0:2.68.4-6.el9.tuxcare.els6.noarch",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.i686",
            "AlmaLinux-9.2:glib2-static-0:2.68.4-6.el9.tuxcare.els6.x86_64",
            "AlmaLinux-9.2:glib2-tests-0:2.68.4-6.el9.tuxcare.els6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}